Format: 1.8 Date: Tue, 02 Jan 2024 12:13:02 -0500 Source: openssh Binary: openssh-client openssh-client-udeb openssh-server openssh-server-udeb openssh-sftp-server openssh-tests ssh-askpass-gnome Architecture: riscv64 riscv64_translations Version: 1:8.2p1-4ubuntu0.11 Distribution: focal Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Marc Deslauriers Description: openssh-client - secure shell (SSH) client, for secure access to remote machines openssh-client-udeb - secure shell client for the Debian installer (udeb) openssh-server - secure shell (SSH) server, for secure access from remote machines openssh-server-udeb - secure shell server for the Debian installer (udeb) openssh-sftp-server - secure shell (SSH) sftp server module, for SFTP access from remot openssh-tests - OpenSSH regression tests ssh-askpass-gnome - interactive X program to prompt users for a passphrase for ssh-ad Changes: openssh (1:8.2p1-4ubuntu0.11) focal-security; urgency=medium . * SECURITY UPDATE: Supplemental groups not initialized - debian/patches/CVE-2021-41617-1.patch: add initgroups() before setresgid() in auth.c. - debian/patches/CVE-2021-41617-2.patch: add grp.h in auth.c. - CVE-2021-41617 * SECURITY UPDATE: command injection via shell metacharacters - debian/patches/CVE-2023-51385.patch: ban user/hostnames with most shell metacharacters in ssh.c. - CVE-2023-51385 Checksums-Sha1: 3192d586375997e94b1f2c09c0b8c782ec13c862 3831856 openssh-client-dbgsym_8.2p1-4ubuntu0.11_riscv64.ddeb 32ec2cf5ac1568db65dd4e8092375437f077f15a 279832 openssh-client-udeb_8.2p1-4ubuntu0.11_riscv64.udeb c22aac0bd3e1b9aaffe7951e8bce94d053ccf6ce 609852 openssh-client_8.2p1-4ubuntu0.11_riscv64.deb 69f3dd28bb6e83e5fc39fbcb076a4bbca0d192ca 1051632 openssh-server-dbgsym_8.2p1-4ubuntu0.11_riscv64.ddeb eb1ec53fe4c52b13ab87dda1bbc7a7e4035edb6f 299056 openssh-server-udeb_8.2p1-4ubuntu0.11_riscv64.udeb 985310f000a434e4554b35925be1bbc6bd839b08 348372 openssh-server_8.2p1-4ubuntu0.11_riscv64.deb 2c15a78dcb6666ac420f02774de7dde9c6a1d720 161752 openssh-sftp-server-dbgsym_8.2p1-4ubuntu0.11_riscv64.ddeb 8604a415aa3d17437efcc73f4adc885f664c7ff2 45516 openssh-sftp-server_8.2p1-4ubuntu0.11_riscv64.deb 4cf67e8b7afc7d7b96b044c6931c83c80b969014 2298572 openssh-tests-dbgsym_8.2p1-4ubuntu0.11_riscv64.ddeb 1a230ca7c03f01167f9e11942e5b719dbcd34389 733132 openssh-tests_8.2p1-4ubuntu0.11_riscv64.deb b965ba771386babd6abfc0b5373535d5b8083a5f 19551 openssh_8.2p1-4ubuntu0.11_riscv64.buildinfo cd4a5dd02edaa697bb08b8ebcdb4b2e281a9eb0d 8496 openssh_8.2p1-4ubuntu0.11_riscv64_translations.tar.gz c24b9c1e9f8339f9498be9939544cff8d801b1f5 12764 ssh-askpass-gnome-dbgsym_8.2p1-4ubuntu0.11_riscv64.ddeb 9849489ff4fb20723c977f54113c7afa8904335f 16716 ssh-askpass-gnome_8.2p1-4ubuntu0.11_riscv64.deb Checksums-Sha256: fe2282e6387ba02488c65ba0b7e4462b0c9adad092edafda98532f2bb80b6215 3831856 openssh-client-dbgsym_8.2p1-4ubuntu0.11_riscv64.ddeb 4a5f10b781de9eb4edeb8c38766e4f40dc0fb77507723a3e0dc3331a7a55c888 279832 openssh-client-udeb_8.2p1-4ubuntu0.11_riscv64.udeb 7ee780a3002c27781f3c81d2f1d82472800882ab78621a1ab709e23a7a75bbd9 609852 openssh-client_8.2p1-4ubuntu0.11_riscv64.deb 020ff5c839e28abb7429b396f843f7fbc17e079b3ed99b3321ab618d1ee3ee84 1051632 openssh-server-dbgsym_8.2p1-4ubuntu0.11_riscv64.ddeb dbca1297806f199f2f777f615041a0a48377368e51c255bb615e95c8f2cfcafb 299056 openssh-server-udeb_8.2p1-4ubuntu0.11_riscv64.udeb d9a93532bdfb4dbdb0b2ea4c356b9b581d48c17cd25cbaccc681c08d153c2d44 348372 openssh-server_8.2p1-4ubuntu0.11_riscv64.deb 43c6adb4453d54f80f2c7b4b8c799906bda01c2118ae4fcc6224425170320f66 161752 openssh-sftp-server-dbgsym_8.2p1-4ubuntu0.11_riscv64.ddeb cd908044e9189e8e9bd03ea0b9d9c4b9d511044158b8495292c9c8b43e2c6782 45516 openssh-sftp-server_8.2p1-4ubuntu0.11_riscv64.deb a8a29284011687044bb8b53a10aece95a207c0beb78187beca83a0cc624ce7ab 2298572 openssh-tests-dbgsym_8.2p1-4ubuntu0.11_riscv64.ddeb ae115b3d42d80d4945af8591c1db28914509d5eef84d09494ae44994d9ea048e 733132 openssh-tests_8.2p1-4ubuntu0.11_riscv64.deb 7b75e573c42e5a23f5e48f5016e855c0b9dfd5ecfda1944d779ab64790f71647 19551 openssh_8.2p1-4ubuntu0.11_riscv64.buildinfo 2a8b62f2c1f70ec56c8dca33b66ecfe6e7302dc4f5da5fbb57222c2f91f154cf 8496 openssh_8.2p1-4ubuntu0.11_riscv64_translations.tar.gz 5f933a4924ebb9dc0b94c6e1a029647cfd728922988bb416c18a402f10029c21 12764 ssh-askpass-gnome-dbgsym_8.2p1-4ubuntu0.11_riscv64.ddeb d75209a38f5fe2fab80dc16cb8965a08e034495cdeca6d5192afc7ca022c391f 16716 ssh-askpass-gnome_8.2p1-4ubuntu0.11_riscv64.deb Files: 2e184656e9d706c40647a69b5d86c44e 3831856 debug optional openssh-client-dbgsym_8.2p1-4ubuntu0.11_riscv64.ddeb 85afaa04ffd27b151c0f92f76e32183a 279832 debian-installer optional openssh-client-udeb_8.2p1-4ubuntu0.11_riscv64.udeb 561e07a4e58490a0cd4fcfd202c11149 609852 net standard openssh-client_8.2p1-4ubuntu0.11_riscv64.deb 14761183a3f2972c249cb5144e7ab22f 1051632 debug optional openssh-server-dbgsym_8.2p1-4ubuntu0.11_riscv64.ddeb d439f09f8dfb7a66bc6951843ebbfb9e 299056 debian-installer optional openssh-server-udeb_8.2p1-4ubuntu0.11_riscv64.udeb 6e56ca26a6fc4398de8aef147abd077d 348372 net optional openssh-server_8.2p1-4ubuntu0.11_riscv64.deb 2799ffbcf7855e599e649732a3204f50 161752 debug optional openssh-sftp-server-dbgsym_8.2p1-4ubuntu0.11_riscv64.ddeb 6e1a66f8f1995a929fb1726e6f7cede7 45516 net optional openssh-sftp-server_8.2p1-4ubuntu0.11_riscv64.deb b2fa65a30c6dff183c6fa9a86e3a04a3 2298572 debug optional openssh-tests-dbgsym_8.2p1-4ubuntu0.11_riscv64.ddeb 8646f00fd9b5956438bba7d1f2691609 733132 net optional openssh-tests_8.2p1-4ubuntu0.11_riscv64.deb b186c9c595a6b79f3ce62d380171af3e 19551 net standard openssh_8.2p1-4ubuntu0.11_riscv64.buildinfo 3c5a36ff6d74867b7146908104ec4139 8496 raw-translations - openssh_8.2p1-4ubuntu0.11_riscv64_translations.tar.gz 68c2815311fbe66b4a62fc34476a3d8d 12764 debug optional ssh-askpass-gnome-dbgsym_8.2p1-4ubuntu0.11_riscv64.ddeb d16c5c0034b9bd57144a7bb6bbe769d9 16716 gnome optional ssh-askpass-gnome_8.2p1-4ubuntu0.11_riscv64.deb Original-Maintainer: Debian OpenSSH Maintainers